HP UX Patch Management manual Patch management overview

Page 44

Some specific criteria to consider when planning your change:

Backup of your system.

System down time.

When are your maintenance windows? What length of time are they?

In the event of patches causing negative side effects, what steps will you take to back out changes, and how long will it take to execute these steps?

To significantly reduce downtime, and to take advantage of the ability to easily switch back to your original image if the applied patches cause any negative side effects, consider using Dynamic Root Disk (DRD). With DRD, you create a copy of the root disk (or clone) that you can apply patches to, while your system is still up and running. Once all the patches are loaded on the clone, you can then reboot the system, using the clone as your active root volume. If for any reason you decide that the patched root volume does not perform as you desire, you can quickly reboot the original system image. For more information, please see Chapter 9 (page 86).

Installing patches.

Review Special Installation Instructions.

Prior to beginning the process of patch installation, review the patches to be installed to find any associated Special Installation Instructions. You can use the show_patches –itcommand directed at the source depot to list Special Installation Instructions documented within any patches in the depot. For more information, see show_patches(1).

Install patches on the systems.

Verify patches.

Verify that the patches installed correctly and that the patch had the desired effect.

Recover disk space.

If disk space is an issue, you might find that you need to commit patches. This process recovers disk space consumed by files that were saved to allow patch rollback. Your organization should develop a formal plan to determine when and how patches should be committed. See Chapter 3: “HP-UX patch overview” (page 17) for more information.

If you have opted to use DRD to reduce your downtime, you will need to create a clone and apply the patches to the clone, then boot the clone once all changes have been implemented. For more information, please see Chapter 9 (page 86).

4.Tracking the patch levels of the systems. (Patch level refers to the set of active patches on the system.)

Patch level is important when determining which patches are needed on each system.

You need to know the patch levels of the systems when interpreting patch testing results.

If you need to open a support call, you might be asked for the current patch level to aid in troubleshooting.

You should keep all similarly configured production systems at the same patch level.

5.Managing patch-related changes to systems.

You might find it helpful to log all patch-related system changes.

You might find it helpful to document the results of patch testing and installation.

Many customers find it helpful to have a formal change-request process associated with their patch management process.

44 Patch management overview

Page 43 Page 45
Image 44
Page 43 Page 45
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 104 107HP-UX patches and patch management Patch management strategiesHow to get patches Where to startQuick start guide for patching HP-UX systems OverviewBefore you begin Should you use standard HP-UX patch bundles?Acquiring the bundles Acquiring and installing standard HP-UX patch bundlesStandard HP-UX patch bundles Installing the bundles As root, run the createdepothp-ux11scriptAdvanced topic using Dynamic Root Disk DRD SwlistAcquiring and installing individual patches Acquiring the patchesQuick start guide for patching HP-UX systems Installing the patches Swverify -d \* @ /tmp/somepatchdirectory/depotAdvanced topic using Dynamic Root Disk DRD HP-UX patch overview Patch-related conceptsPatch identification HP-UX software structurePatch bundles Software depots and patch depotsPatch status Patch stateSwlist -l fileset -a state grep patchid StateCategory tags Which patches are on a system? Swlist -l product -a categorytag patchidExamples of the swlist command For example$ swlist -l product *,c=patch $ swlist -l product *,c=manualdependencies $ swlist -l bundle @ somesystem$ swlist -l fileset -a ancestor PHSS29183 Ancestors and supersessionAncestors $ swlist -a appliedpatches Xserver.AGRM SupersessionSwlist -a appliedpatches filesetname Swlist -l patch -x showsupersededpatches=true Showpatches -s$ swlist -l fileset -a supersedes PHSS28681 Swlist -a patchstate -x showsupersededpatches=true patchidPatch-related attributes HP-UX Patch Supersession ChainSee Category tags Corequisites and prerequisites Patch dependenciesTypes of dependencies Swlist -vl fileset -a dependencytype fileset Enforced and unenforced manual dependenciesImpact of dependencies on acquiring patches Patch commitment Patch rollback and commitmentPatch rollback HP-UX patch ratings Advanced topic patch cleanup utilityCleanup -p -c number HP patch rating Rating detailsCritical and noncritical patches Finding information for a specific patchPatch documentation $ swlist -l product -a categorytag PHSS30011Subset of fields in patch text file and patch details Obtaining information using the Itrc Patch warningsAdvanced topic the readme attribute Swlist -l product -a readme patchid moreCritical and noncritical warnings Advanced topic finding patches with warnings How to handle patch warningsQuestions to ask Backup and recovery ConsiderationsPatch management overview Patch management life cyclePatch management life cycle Patch management overview Establishing a software change management strategy Restrictive Conservative InnovativeRecommendations for software change management Operational factor and patch management strategy matrixConsideration of HP patch rating Patch management and software depotsProactive patching strategy Acquiring patches for proactive patchingReactive patching strategy Advanced topic HP-UX Software AssistantAdvanced topic security patching strategy Acquiring patches for reactive patchingTesting the patches to be installed Advanced topic scanning for security patchesStandard HP-UX patch bundles Key featuresWhat are standard HP-UX patch bundles? Obtaining standard HP-UX patch bundles Standard HP-UX patch bundle use and release datesQuick start guide for patching HP-UX systems Using the IT Resource Center Obtaining an Itrc user accountUseful pages on the Itrc Find individual patchesKey features Accessing the patch database and finding an individual patchClick the add to selected patch list button Using the IT Resource Center Advanced topic checking for all patch dependencies Check for patches with dependenciesUsing the IT Resource Center Click the add to selected patch list button Standard patch bundles Custom patch bundles run a patch assessmentSupport information digests Ask your peers in the forumsSearch knowledge base Using software depots for patch management Common software distributor commands for patchingDepot types Directory depotsUsing depots Tape depotsSwlist -l depot Viewing depotsChoosing depot type and depot location $ swlist -l depot @ swdepot.xyz.com $ swlist -l depotSwlist -l depot @ remotesystem Creating and adding to a directory depot Copying patches to depots Depot/patches/11.11Copying products with patch dependencies to depots Registering and unregistering directory depotsAdvanced topic HP-UX Software Assistant Advanced topic access control lists Examples of registering and unregistering depots$ swreg -l depot /depot/patches/2003-07periodicdepot $ swreg -u -l depot /depot/patches/2003-07periodicdepot$ swverify -d \* @ /mydepots/newdirectorydepot Verifying directory depotsExamples of verifying directory depots Verification had errors Removing software from a directory depotVerification succeeded $ swverify -d \* @ /mydepots/PHSS30278depotExecution succeeded $ swlist -l product -d @ /mydepots/patchdepot $ /usr/sbin/cleanup -d /mydepots/patchdepotAdvanced topic removing superseded patches from a depot Installing patches from a depot Removing a directory depot$ swlist -l product @ /mydepots/patchdepot $ swreg -u -l depot /mydepots/PHCO27780depotReboots the system when required Examples of installing patches from a depot Analysis succeededAnalysis and Execution succeeded Installing products with patch dependencies from a depotCustom patch bundles Rev Bundle Description Examples of listing patches and bundlesRev Patch description Creating a custom bundle $ swlist -d @ /mydepots/temporarydepotAnalysis succeeded Finally, remove the temporary depot Using HP-UX Software Assistant for patch management For more informationUsing Dynamic Root Disk for patch management Drd1m Benefits of the Patch Assessment Tool Using the Patch Assessment ToolPatch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Related information Support and other resourcesContacting HP Non-HP websites Typographic conventionsHP websites Times Patch usage models Patch usage model 1 hardware/application software change Components in test Image Then productionDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Patch usage model 5 proactive patch Create clonePatch usage model 6 reactive patch Passed? SystemGlossary AncestorIPD SWA Index Index See also HWE Index
Top Page Image Contents